GDPR & Data Destruction: What You Need To Know

May 15, 2018

The implementation of the GDPR is fast approaching, and the new regulation will change the way in which all businesses collect, store and dispose of their data from 25th May 2018. In order to avoid hefty fines and damage to reputation, businesses will need to ensure complete compliance throughout the entire lifespan of any of their data. To help your business ensure GDPR compliance, we have put together a guide to everything you need to know about data destruction under the new GDPR.

Fines Are Increasing

One of the most significant changes that the GDPR will bring is financial. Businesses that fail to comply, or that fall victim to a data breach through a lack of compliance, will be required to pay fines of up to €20 million or 4% of the business’s annual turnover – a significant increase on the fines imposed under the current Data Protection Act. This means that data destruction needs to be secure and efficient, to the point of eliminating the risk of redundant data being recovered by the wrong person.

Documentation is Key

One of the key changes for data destruction under the GDPR is that businesses will be obliged to document the process of destruction much more thoroughly than in the past. Not only will businesses be expected to record exactly what data is stored on which devices, they are also expected to keep a record of what happens to that data throughout the entirety of its lifespan, including its destruction. Under the new regulation, businesses should be able to maintain a chain of custody that proves the whereabouts and ownership of the data, as well as a certificate of destruction to prove that it has been effectively destroyed.

Data Controllers and Processors Are Liable

Under the GDPR, both data controllers and data processors are liable for the security of data. This means that, even if you entrust an ITAD company to destroy your data and data storage devices, you will still be held accountable should a data breach occur. For this reason, it is important that you select a reputable and accredited ITAD provider who will take the same approach to data disposal as you would.

Employees Need Educating

It is vital that all employees, regardless of the nature of the data they interact with, are fully aware of the implementation of the GDPR and how they might change their approach to the security of data destruction accordingly. Not only should you educate your employees as to the financial implications of a breach, you should also make them aware of the impact it can have on their own privacy, as well as that of your business and your clients. Offering regular GDPR compliance workshops can also be a useful way of getting employees to demonstrate their knowledge, and gives them the opportunity to ask any questions about a specific area of data destruction.

While ensuring GDPR compliance when it comes to data destruction might seem daunting, it also offers you the opportunity to heighten data security for your business, employees and clients, allowing you to offer a better and safer service overall.

With over 22 years’ industry experience, EOL IT Services are proud to be the UK’s most accredited ITAD provider. We possess the skills, accreditations and experience to handle our clients’ data with the care they deserve, and to dispose of it responsibly and legally.